Wednesday, January 04, 2006

[ED-TECH] WMF Windows exploit

STATUS REPORT:
 
There is a new technique that "bad people" are using on the Internet in order to get things placed onto your Windows computer. 
 
The process occurs when you access a web page containing this "WMF exploit."  This can be done from ANY web browser, so Firefox users are not automatically safe. 
 
This can also happen if you view e-mail that has pictures or other objects from an infected site.  When the message is viewed, the material is stored on your computer.  The material can be of any type, including key loggers and other spyware. 
 
It affects all versions of Windows back to at least Windows 95.  It only affects Windows machines, so Macintosh users are safe, as usual.
 
RECOMMENDATION:
 
1. If you have a computer that is being managed by someone else, don't worry about it.  The manager of your computer has probably already taken steps to protect your computer.  UM has notified all system managers, so there is no need for you to notify your local manager.
 
2. If you do not have administrator privileges on your computer, you are apparently safe.  The installation of the bad stuff will fail, I guess.
 
3. If you have a computer that you manage, say at home or, in some cases, on your desktop at work, I suggest the following step.  
 
NOTES:  On Tuesday, January 10, Microsoft is expected to release a patch for this exploit.  If you are reading this on or after that day, just run Windows Update and you should be protected.  I will update my www.snurl.com/mysecurity page as I gather more information.
 
And, of course, I am only making a recommendation.  This is something that I did on my computers, but I can't guarantee that it won't cause problems on your computer. 
 
Again, if someone manages your computer, DO NOT do this yourself.  He or she might have a different way of dealing with this exploit.
 
Finally, the patch listed below does not work with Windows 98 or Windows 95 or, I think, Windows ME. Check the listed web page for complete details.
 
ACTION RECOMMENDATION: Go to http://www.grc.com/sn/notes-020.htm and download Ilfak's WMF patch utility from GRC.  Install it.  Reboot your computer.  That will protect you. Once Microsoft offers a permanent patch, probably on Tuesday,  you can remove Ilfak's patch using Control Panel > Add/Remove Programs.  There is also a program there to test whether you are vulnerable.
 
 
Bill Vilberg
305-284-3949 (work); 786-218-3052 (cell); 305-255-9138 (home)